Control: Certificates should not be expired

Description

SSL certificates ensure secure connections between a server and other web entities and provide validation that a browser is indeed communicating with a validated website server. Once it expires, your website is no longer recognized on the web as safe and secure and it is vulnerable to cyber-attacks.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.ssl_certificate_not_expired

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.ssl_certificate_not_expired --share

Steampipe Tables

net_certificate

Params

Args	Name	Default	Description	Variable
$1	domain_names	`["github.com","microsoft.com"]`	DNS domain names.	domain_names

SQL

select
  common_name as resource,
  case
    when now() > not_after then 'alarm'
    else 'ok'
  end as status,
  case
    when now() > not_after then common_name || ' is expired.'
    else common_name || ' expires in ' || date_trunc('day', age(not_after, now())) || '.'
  end as reason
from
  net_certificate
where
  domain in (select jsonb_array_elements_text(to_jsonb($1::text[])))
order by common_name;